pub struct Request {
    pub client_data_hash: Bytes,
    pub rp: PublicKeyCredentialRpEntity,
    pub user: PublicKeyCredentialUserEntity,
    pub pub_key_cred_params: Vec<PublicKeyCredentialParameters>,
    pub exclude_list: Option<Vec<PublicKeyCredentialDescriptor>>,
    pub extensions: Option<ExtensionInputs>,
    pub options: Options,
    pub pin_auth: Option<Bytes>,
    pub pin_protocol: Option<u8>,
}
While similar in structure to PublicKeyCredentialCreationOptions,
it is not completely identical: the difference is the presence of the options key.
Fields
client_data_hash: Bytes
Hash of the ClientData contextual binding specified by host.
rp: PublicKeyCredentialRpEntity
This PublicKeyCredentialRpEntity data structure describes a Relying Party with which the
new public key credential will be associated. It contains the Relying party identifier
of type text string, (optionally) a human-friendly RP name of type text string,
and (optionally) a URL of type text string, referencing a RP icon image. The RP name is
to be used by the authenticator when displaying the credential to the user for selection
and usage authorization. The RP name and URL are optional so that the RP can be more
privacy friendly if it chooses to. For example, for authenticators with a display, RP
may not want to display name/icon for single-factor scenarios.
user: PublicKeyCredentialUserEntity
This PublicKeyCredentialUserEntity data structure describes the user account to
which the new public key credential will be associated at the RP. It contains an
RP-specific user account identifier of type byte array, (optionally) a user name of type
text string, (optionally) a user display name of type text string, and (optionally) a
URL of type text string, referencing a user icon image (of a user avatar, for example).
The authenticator associates the created public key credential with the account
identifier, and MAY also associate any or all of the user name, user display name, and
image data (pointed to by the URL, if any). The user name, display name, and URL are
optional for privacy reasons for single-factor scenarios where only user presence is
required. For example, in certain closed physical environments like factory floors, user
presence only authenticators can satisfy RP’s productivity and security needs. In these
environments, omitting user name, display name and URL makes the credential more privacy
friendly. Although this information is not available without user verification, devices
which support user verification but do not have it configured can be tricked into
releasing this information by configuring the user verification.
pub_key_cred_params: Vec<PublicKeyCredentialParameters>
A sequence of CBOR maps consisting of pairs of PublicKeyCredentialType (a string) and
cryptographic algorithm (a positive or negative integer), where algorithm identifiers
are values that SHOULD be registered in the IANA COSE Algorithms registry
coset::iana::Algorithm. This sequence is ordered from most preferred (by the RP) to least
preferred.
exclude_list: Option<Vec<PublicKeyCredentialDescriptor>>
A sequence of PublicKeyCredentialDescriptor structures, as specified in webauthn.
The authenticator returns an error if the authenticator already contains one of
the credentials enumerated in this sequence. This allows RPs to limit the creation of
multiple credentials for the same account on a single authenticator.
extensions: Option<ExtensionInputs>
Parameters to influence authenticator operation, as specified in webauthn.
These parameters might be authenticator specific.
options: Options
Parameters to influence authenticator operation, see Options for more details.
pin_auth: Option<Bytes>
First 16 bytes of HMAC-SHA-256 of clientDataHash using pinToken which platform got from the authenticator: HMAC-SHA-256(pinToken, clientDataHash). (NOT YET SUPPORTED)
pin_protocol: Option<u8>
PIN protocol version chosen by the client.
If we ever hit more than 256 protocol versions, an enhancement request should be filed.
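
The field descriptions for pub_key_cred_params (ordered most preferred first) and exclude_list (error if a listed credential is already held) imply two authenticator-side checks. The sketch below is an added example, not code from this crate. `Param`, `Reject` and `pre_check` are hypothetical stand-ins, credential ids are reduced to raw byte vectors, and the order of the two checks is this example's choice.

```rust
// Added illustration: simplified stand-ins, not the crate's real types.
#[derive(Debug, PartialEq)]
pub enum Reject {
    CredentialExcluded,   // an exclude_list entry is already stored on this authenticator
    UnsupportedAlgorithm, // no pub_key_cred_params entry is usable
}

pub struct Param<'a> {
    pub ty: &'a str, // PublicKeyCredentialType, e.g. "public-key"
    pub alg: i64,    // COSE algorithm identifier, e.g. -7 for ES256
}

/// Returns the COSE algorithm to use for the new credential, or the reason to refuse.
pub fn pre_check(
    params: &[Param],
    exclude_list: Option<&[Vec<u8>]>,
    stored_ids: &[Vec<u8>],
    supported_algs: &[i64],
) -> Result<i64, Reject> {
    // exclude_list: refuse if any listed credential id is already held, so the RP
    // does not end up with several credentials for one account on this device.
    if let Some(excluded) = exclude_list {
        if excluded.iter().any(|id| stored_ids.contains(id)) {
            return Err(Reject::CredentialExcluded);
        }
    }
    // pub_key_cred_params is ordered most preferred first, so the first entry the
    // authenticator can honour wins; unknown credential types are skipped.
    params
        .iter()
        .find(|p| p.ty == "public-key" && supported_algs.contains(&p.alg))
        .map(|p| p.alg)
        .ok_or(Reject::UnsupportedAlgorithm)
}

fn main() {
    // Constructed sample: the RP prefers EdDSA (-8), then ES256 (-7);
    // the authenticator supports only ES256 and already stores one credential.
    let params = [Param { ty: "public-key", alg: -8 }, Param { ty: "public-key", alg: -7 }];
    let stored = vec![vec![0xAAu8, 0x01]];
    println!("{:?}", pre_check(&params, None, &stored, &[-7]));
    let excl = vec![vec![0xAAu8, 0x01]];
    println!("{:?}", pre_check(&params, Some(&excl[..]), &stored, &[-7]));
}
```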